Behavioral task: behavioral1
Sample: c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8.exe
Resource: win10v2004-20230824-en
General
Target: 1fb97ee37a2c5a979bc4dff4613f9fb2.bin
Size: 34KB
MD5: 9cefaf68e6e473ead1a177f9632bcb23
SHA1: 91ca795eaf0110fa055a140b082820057d39131a
SHA256: d148ea5e4ded7cc817182e92711e41e3840db9c1d8fa5656d5e235bb4a696d85
SHA512: 5b20ebd872f82202374b15ce1094c55111e8dd4e64e39b2ae5d5881de66df6d917c29783aa64df75479ad6380465677a29cc9f306d110f86c9d89427f5f44c90
SSDEEP: 768:D5S+6saBt5Ub7fFw9AEPRBLKnHPIgOXmncUys2Ojo:E+87ammE5BiPF7cAxjo
Malware Config
Extracted
njrat
0.7d
Лошок
hakim32.ddns.net:2000
4.tcp.eu.ngrok.io:19914
af200c2dc24146f167c6cde4523f107f
reg_key: af200c2dc24146f167c6cde4523f107f
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8.exe
Files
1fb97ee37a2c5a979bc4dff4613f9fb2.bin.zip
Password: infected
c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ